# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Contributor: Rasmus Thomsen <oss@cogitri.dev>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=nss
pkgver=3.55
pkgrel=1
pkgdesc="Mozilla Network Security Services"
url="https://developer.mozilla.org/docs/Mozilla/Projects/NSS"
arch="all"
license="MPL-2.0"
options="!check" # failing tests
depends_dev="nspr-dev"
makedepends="nspr-dev sqlite-dev zlib-dev perl bsd-compat-headers linux-headers"
subpackages="$pkgname-static $pkgname-dev $pkgname-tools"
source="https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-$pkgver.tar.gz
	nss.pc.in
	nss-util.pc.in
	nss-softokn.pc.in
	nss-config.in
	"

# secfixes:
#   3.55-r0:
#     - CVE-2020-12400
#     - CVE-2020-12401
#     - CVE-2020-12403
#     - CVE-2020-6829
#   3.53.1-r0:
#     - CVE-2020-12402
#   3.49-r0:
#     - CVE-2019-17023
#   3.47.1-r0:
#     - CVE-2019-11745
#   3.41-r0:
#     - CVE-2018-12404
#   3.39-r0:
#     - CVE-2018-12384

prepare() {
	default_prepare

	# Respect LDFLAGS
	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' \
		"$builddir"/nss/coreconf/rules.mk

	# Fix missing includes
	echo 'INCLUDES += -I../include' \
		>> nss/lib/dbm/src/manifest.mn
	sed 's|-Ideprecated|-Ideprecated -I../util -I../softoken -I.|' \
		-i nss/lib/freebl/Makefile
	echo 'INCLUDES += -I../util' \
		>> nss/lib/sysinit/manifest.mn
}

build() {
	unset CFLAGS
	unset CXXFLAGS
	# Don't do a debug build
	export BUILD_OPT=1
	# Use -Os instead of -O2 where possible
	export OPT_CODE_SIZE=1
	# Explicitly link freebl lib with nspr
	export FREEBL_NO_DEPEND=0
	export NSS_USE_SYSTEM_SQLITE=1
	export NSS_ENABLE_WERROR=0
	# Disable deprecated cipher
	export NSS_DISABLE_DEPRECATED_SEED=1
	export NSPR_INCLUDE_DIR=$(pkg-config --cflags-only-I nspr | sed 's/-I//')
	export NSPR_LIB_DIR=$(pkg-config --libs-only-L nspr | sed 's/-L//')
	case "$CARCH" in
		*64* | s390x) export USE_64=1;;
	esac

	make -C nss/coreconf
	make -C nss/lib/util
	make -C nss/lib/dbm
	make -C nss/lib/sysinit
	# "all" really doesn't build all targets, so we have to list the others we want above
	make -C nss all
}

check() {
	HOST=localhost DOMSUF=localdomain sh "$builddir/nss/tests/all.sh"
}

package() {
	replaces="nss-dev libnss"

	install -m755 -d "$pkgdir"/usr/lib/pkgconfig
	install -m755 -d "$pkgdir"/usr/bin
	install -m755 -d "$pkgdir"/usr/include/nss/private

	NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h)
	NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h)
	NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h)

	# pkgconfig files
	local _pc; for _pc in nss.pc nss-util.pc nss-softokn.pc; do
		sed "$srcdir"/$_pc.in \
			-e "s,%libdir%,/usr/lib,g" \
			-e "s,%prefix%,/usr,g" \
			-e "s,%exec_prefix%,/usr/bin,g" \
			-e "s,%includedir%,/usr/include/nss,g" \
			-e "s,%SOFTOKEN_VERSION%,$pkgver,g" \
			-e "s,%NSPR_VERSION%,$pkgver,g" \
			-e "s,%NSS_VERSION%,$pkgver,g" \
			-e "s,%NSSUTIL_VERSION%,$pkgver,g" \
			> "$pkgdir"/usr/lib/pkgconfig/$_pc
	done
	ln -sf nss.pc "$pkgdir"/usr/lib/pkgconfig/mozilla-nss.pc
	chmod 644 "$pkgdir"/usr/lib/pkgconfig/*.pc

	# nss-config
	sed "$srcdir"/nss-config.in \
		-e "s,@libdir@,/usr/lib,g" \
		-e "s,@prefix@,/usr/bin,g" \
		-e "s,@exec_prefix@,/usr/bin,g" \
		-e "s,@includedir@,/usr/include/nss,g" \
		-e "s,@MOD_MAJOR_VERSION@,${NSS_VMAJOR},g" \
		-e "s,@MOD_MINOR_VERSION@,${NSS_VMINOR},g" \
		-e "s,@MOD_PATCH_VERSION@,${NSS_VPATCH},g" \
		> "$pkgdir"/usr/bin/nss-config
	chmod 755 "$pkgdir"/usr/bin/nss-config
	local minor=${pkgver#*.}
	minor=${minor%.*}
	for file in $(find dist/*.OBJ/lib -name "*.so"); do
		install -m755 $file \
			"$pkgdir"/usr/lib/${file##*/}.$minor
		ln -s ${file##*/}.$minor "$pkgdir"/usr/lib/${file##*/}
	done
	install -m644 dist/*.OBJ/lib/*.a "$pkgdir"/usr/lib/
	install -m644 dist/*.OBJ/lib/*.chk "$pkgdir"/usr/lib/

	for file in certutil cmsutil crlutil modutil pk12util shlibsign \
			signtool signver ssltap; do
		install -m755 dist/*.OBJ/bin/$file "$pkgdir"/usr/bin/
	done
	install -m644 dist/public/nss/*.h "$pkgdir"/usr/include/nss/
	install -m644 dist/private/nss/blapi.h dist/private/nss/alghmac.h "$pkgdir"/usr/include/nss/private/
}

static() {
	default_static

	# remove libssl.a which conflicts with openssl
	rm "$subpkgdir"/usr/lib/libssl.a
}

dev() {
	# we cannot use default_dev because we need the .so symlinks in main package
	local i
	pkgdesc="Development files for nss"
	depends="$pkgname $depends_dev"

	mkdir -p "$subpkgdir"/usr/bin
	mv "$pkgdir"/usr/bin/nss-config "$subpkgdir"/usr/bin

	cd "$pkgdir"
	for i in usr/include usr/lib/pkgconfig usr/lib/*.a; do
		if [ -e "$pkgdir/$i" ] || [ -L "$pkgdir/$i" ]; then
			d="$subpkgdir/${i%/*}"  # dirname $i
			mkdir -p "$d"
			mv "$pkgdir/$i" "$d"
			rmdir "$pkgdir/${i%/*}" 2>/dev/null || true
		fi
	done
}

tools() {
	pkgdesc="Tools for the Network Security Services"
	replaces="nss"
	mkdir -p "$subpkgdir"/usr/
	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}

sha512sums="acae7b803a3219cd4b78216cb8a6352805741e42eca6a42a5e6289ebbabc6189c7c6bc138cbd8a93d8631d06175c4d34e72957d49fe726adada6aaa2566e399e  nss-3.55.tar.gz
75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531  nss.pc.in
0f2efa8563b11da68669d281b4459289a56f5a3a906eb60382126f3adcfe47420cdcedc6ab57727a3afeeffa2bbb4c750b43bef8b5f343a75c968411dfa30e09  nss-util.pc.in
09c69d4cc39ec9deebc88696a80d0f15eb2d8c94d9daa234a2adfec941b63805eb4ce7f2e1943857b938bddcaee1beac246a0ec627b71563d9f846e6119a4a15  nss-softokn.pc.in
2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b  nss-config.in"
